Skip to content
  • There are no suggestions because the search field is empty.

FinCEN Compliance Checklist for Transfer Agents

Bank Secrecy Act (BSA) & Anti-Money Laundering Compliance Checklist

The Financial Crimes Enforcement Network (FinCEN) is the United States financial intelligence unit and is responsible for administering and enforcing Anti-Money Laundering (AML) requirements under the Bank Secrecy Act (BSA). Transfer agents registered with the SEC are subject to FinCEN oversight and are required to establish, maintain, and administer a risk-based AML compliance program designed to detect and prevent money laundering, terrorist financing, fraud, and other financial crimes.

This checklist is intended to help transfer agents understand the core compliance requirements that may apply to their operations. While specific regulatory expectations may vary based on the scope of services, issuer client base, asset types serviced (including traditional securities and tokenized/digital assets), and overall risk profile, all transfer agents are expected to maintain an effective BSA/AML compliance framework and demonstrate ongoing compliance during regulatory examinations.

A transfer agent is considered a securities market participant responsible for maintaining records of securities ownership, processing transfers of ownership, issuing and canceling securities certificates, distributing dividends and interest payments, managing shareholder communications, and facilitating corporate actions such as mergers, stock splits, and tender offers. Transfer agents may service publicly traded companies, private issuers, investment funds, and other securities issuers. Transfer agents servicing tokenized securities or digital asset securities on distributed ledger platforms face additional emerging compliance obligations as regulatory guidance continues to evolve.

If your organization operates as a transfer agent within the United States, it is important to ensure that your AML compliance program meets FinCEN requirements and aligns with regulatory expectations established by the SEC and applicable federal standards. Failure to maintain an effective compliance program can result in regulatory enforcement actions, monetary penalties, reputational damage, and increased scrutiny from examiners.

Required - Mandatory by regulation

Needs tool - Technology required

Emerging - New/digital asset obligation

BSA/AML Program Framework

  • Written BSA/AML compliance program approved by Board of Directors or equivalent governing body Required
  • Designated BSA Officer with relevant securities and transfer agent compliance authority and sufficient resources Required
  • Regular reporting of BSA/AML activities to Board and senior management Required
  • Enterprise-wide BSA/AML risk assessment documented and maintained Required
  • AML/BSA policies and procedures tailored to transfer agent risk profile and issuer client base Required
  • Annual independent audit of BSA/AML program (internal or external) Required
  • Comprehensive AML training program for all employees (annual minimum) Required
  • Training for Board and senior management on AML compliance requirements Required

Customer Identification Program (CIP) & Due Diligence

  • Collect and verify identity of all customers (shareholders, issuers, and intermediaries) at account opening Required Needs tool
  • Verify identity using documentary and/or non-documentary evidence Required
  • Compare customer identity against FinCEN Exclusion List, OFAC lists, and negative media Required Needs tool
  • Identify and verify beneficial owners (25%+ ownership) of all legal entity customers and issuer clients Required
  • Understand the nature and purpose of each customer relationship (Customer Due Diligence Rule) Required
  • Obtain information on source of funds/source of wealth for higher-risk shareholders or counterparties Required
  • Enhanced due diligence (EDD) for higher-risk customers (foreign PEPs, shell companies, nominee holders, etc.) Required Needs tool
  • Ongoing monitoring and periodic update of customer and shareholder information Required Needs tool

Shareholder Account and Transfer Monitoring

  • Implement transaction and transfer monitoring system (automated + manual review) for securities transfers Required Needs tool
  • Monitor for unusual transfer patterns: atypical volumes, frequencies, counterparties, or jurisdictions Required Needs tool
  • Monitor for layering or structuring activity across shareholder accounts Required Needs tool
  • Document investigation and escalation procedures for flagged transfer activity Required
  • Escalate suspicious transfers to SAR review process within defined timeframe Required
  • Monitor for rapid round-trip transfers or unusual certificate issuance patterns Required Needs tool

Suspicious activity Reporting (SARs)

  • File Suspicious Activity Reports (SARs) for suspicious transactions or activity Required
  • File SARs within 30 calendar days of detection of suspicious activity Required
  • Establish internal SAR procedures including investigation and documentation Required
  • Designate individuals responsible for SAR review and filing Required
  • Train staff on recognizing suspicious activity related to securities transfers and escalation procedures Required
  • Maintain confidentiality regarding SAR filings (tipping-off prohibition) Required

OFAC Sanctions Compliance

  • Screen all customers and shareholders against OFAC SDN List at account opening and transfer initiation Required Needs tool
  • Implement ongoing OFAC screening procedures on list updates and new sanctions designations Required Needs tool
  • Freeze accounts of customers matching OFAC designations and block transfers Required
  • Report blocked transactions to OFAC within 10 business days Required
  • Maintain records of OFAC compliance actions and blocked transactions Required
  • Document OFAC sanctions policies and procedures Required

Customer Due Diligence (CDD) - Benificial Ownership

  • Identify all beneficial owners of legal entity customers and issuer clients (persons owning 25%+ of entity) Required
  • Verify beneficial owner identity through government ID or other reliable means Required Needs tool
  • Maintain and periodically update records of beneficial owners Required
  • Understand the purpose of the customer relationship and expected transaction activity Required
  • Implement ongoing monitoring of customer and beneficial owner information Required Needs tool

Third Party Intermediary Risk

  • Conduct due diligence on all intermediaries, sub-agents, and issuer clients Required
  • Enhanced due diligence on relationships involving high-risk jurisdictions or complex structures Required
  • Obtain management certification regarding beneficial owners of third-party relationships Required
  • Ongoing monitoring of third-party and intermediary activity and compliance posture Required
  • Document vendor risk management and third-party compliance assessment procedures Required

Tokenized and Digital Asset Securities (Emerging)

  • Assess whether transfer agent services for tokenized securities trigger additional FinCEN/SEC obligations Required Emerging
  • Implement blockchain analytics tools to monitor on-chain transfers of tokenized securities for AML risk Needs tool Emerging
  • Apply Travel Rule compliance procedures for tokenized security transfers meeting applicable thresholds Required Emerging
  • Perform enhanced KYC/KYB for issuers and investors using distributed ledger-based securities platforms Required Emerging
  • Monitor smart contract interactions and wallet addresses associated with tokenized security transfers Needs tool Emerging
  • Maintain audit trail of on-ledger and off-ledger transfer activity for tokenized securities Required Emerging
  • Engage legal counsel to assess applicability of SEC Staff Bulletin on digital assets to TA operations Emerging
  • Establish procedures for de-listing or freezing tokenized positions upon OFAC or sanctions match Required Emerging

Record-keeping & Documentaion

  • Retain all CIP documentation for minimum 5 years after account closure or relationship termination Required
  • Maintain CDD and beneficial ownership records for 5+ years Required
  • Maintain records of all SARs and CTRs filed and related documentation Required
  • Document all SAR investigations and decisions Required
  • Maintain transfer records and monitoring activity logs Required
  • Keep audit trail of all AML system modifications and compliance reviews Required
  • Maintain training records and employee certifications Required

Reglitory Compliance & Examination Readiness

  • Prepare for periodic SEC and FinCEN examinations of BSA/AML program Required
  • Document policies and procedures in audit-ready format Required
  • Maintain evidence of compliance testing and controls effectiveness Required
  • Address any prior examination findings and regulatory requests Required

 

Need help with your FinCEN compliance program? Click here to schedule a call with one of our experts.